[GCP Tutorial] How to Use Cloud Load Balancer + Cloud Armor to Restrict Traffic and Enhance GCP Security

Scenario

Does Google Cloud (formerly GCP) provide a way to restrict traffic using Cloud Load Balancer and Cloud Armor?

Operation

You can use Google Cloud Armor to restrict access from specific source IPs. Create a security policy, add rules for the IPs you want to restrict, and attach the policy to the backend service of an HTTP(S) Load Balancer so that those IPs are denied.

Enabling Cloud Armor incurs additional costs. Below are the charges for Cloud Armor Standard Tier:

(1) WAF HTTP requests
(2) WAF security policies
(3) WAF rules

The Cloud Armor Standard Tier is billed on the number of WAF HTTP requests, WAF security policies, and WAF rules. If you want to restrict traffic, it is recommended to block all traffic first and then add a whitelist rule for the sources you trust. Additionally, a new or changed Cloud Armor policy may take approximately 5 minutes to take effect. Test the policy before applying it to the production environment to avoid locking out legitimate connections.
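The "block everything, then whitelist" policy described above, as an added example (not code from the original post): a small Python model of Cloud Armor's rule-evaluation order that checks which verdict a client IP would get, plus the equivalent gcloud commands rendered as strings. The policy name, backend service name, CIDRs and priorities are constructed placeholders; the evaluation order (lowest priority number wins, default rule fixed at priority 2147483647) and the 10-source-range limit per rule follow documented Cloud Armor behaviour.

```python
# Added example, not from the original post: model Cloud Armor's rule order
# to sanity-check a "default deny, then allowlist" policy before creating it.
# Policy/backend names, CIDRs and priorities below are constructed placeholders.
import ipaddress
from dataclasses import dataclass

DEFAULT_RULE_PRIORITY = 2147483647   # fixed priority of a policy's default rule
MAX_RANGES_PER_RULE = 10             # basic match: at most 10 src IP ranges per rule


@dataclass
class Rule:
    priority: int
    action: str            # e.g. "allow" or "deny-403"
    src_ip_ranges: list    # CIDRs, or ["*"] for the default rule
    description: str = ""


def build_restrict_policy(allowed_cidrs, first_priority=1000):
    """Default rule denies everything; trusted ranges get allow rules above it.

    Ranges are chunked so that no single rule exceeds MAX_RANGES_PER_RULE.
    """
    for cidr in allowed_cidrs:
        ipaddress.ip_network(cidr, strict=False)   # fail early on a typo
    rules = [Rule(DEFAULT_RULE_PRIORITY, "deny-403", ["*"], "default deny")]
    chunks = [allowed_cidrs[i:i + MAX_RANGES_PER_RULE]
              for i in range(0, len(allowed_cidrs), MAX_RANGES_PER_RULE)]
    for n, chunk in enumerate(chunks):
        rules.append(Rule(first_priority + n, "allow", list(chunk), "allowlist"))
    return sorted(rules, key=lambda r: r.priority)


def evaluate(rules, client_ip):
    """Return the action of the first matching rule in priority order."""
    ip = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        for cidr in rule.src_ip_ranges:
            if cidr == "*" or ip in ipaddress.ip_network(cidr, strict=False):
                return rule.action
    raise ValueError("policy has no default rule")


def to_gcloud(policy_name, backend_service, rules):
    """Render the gcloud commands equivalent to `rules` (strings only; nothing runs)."""
    cmds = [f"gcloud compute security-policies create {policy_name} "
            f"--description 'deny all, allowlist trusted ranges'"]
    for rule in rules:
        if rule.priority == DEFAULT_RULE_PRIORITY:
            # the default rule already exists after create; it is updated, not created
            cmds.append(f"gcloud compute security-policies rules update {rule.priority} "
                        f"--security-policy {policy_name} --action {rule.action}")
        else:
            ranges = ",".join(rule.src_ip_ranges)
            cmds.append(f"gcloud compute security-policies rules create {rule.priority} "
                        f"--security-policy {policy_name} "
                        f"--src-ip-ranges \"{ranges}\" --action {rule.action}")
    # attaching to the backend service is the last step: nothing is enforced before it
    cmds.append(f"gcloud compute backend-services update {backend_service} "
                f"--security-policy {policy_name} --global")
    return cmds


if __name__ == "__main__":
    policy = build_restrict_policy(["203.0.113.0/24", "198.51.100.7/32"])
    for ip in ("203.0.113.10", "192.0.2.1"):
        print(ip, "->", evaluate(policy, ip))
    print("\n".join(to_gcloud("restrict-policy", "web-backend", policy)))
```

Because the policy is only attached to the backend service in the last command, the order in which the deny and allow rules are created does not matter for live traffic. To stage the change safely, both `rules create` and `rules update` accept `--preview`, which logs the verdict a rule would have produced without enforcing it; those verdicts are what the previewSecurityPolicy log field later in this post reports.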

Managed Protection

Standard vs. Managed Protection Plus

We can summarize the differences between them in terms of two advanced features (Named IP Lists and Adaptive Protection):

  1. Named IP Lists: Cloud Armor integrates IP lists from third-party vendors (currently Fastly, Cloudflare, and Imperva), allowing you to reference a vendor's IPs or IP ranges by name instead of configuring them manually in Cloud Armor.
  2. Adaptive Protection: GCP uses machine learning and other technologies to help monitor potential security threats. It continuously analyzes your system, and when it detects potentially malicious behavior, it will trigger an alert and suggest rules for you to add to your Cloud Armor rules.
  • Standard Version: A pay-as-you-go model, generally used for WAF rules. Adaptive Protection is available, but only with the basic dashboard (no alerts or suggested rules).
  • Plus Version: An annual subscription plan that includes everything in the Standard version, plus named IP address lists and full Adaptive Protection features.

Log Observations

Monitor the request URL patterns that are denied with the following Logs Explorer query (previewSecurityPolicy holds the verdicts of rules running in preview mode):

  resource.type="http_load_balancer"
  jsonPayload.previewSecurityPolicy.outcome="DENY"
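The same query applied offline to exported log entries, as an added example (not from the original post): it filters entries the way the Logs Explorer query does and groups the denied requests by URL pattern, rule name and priority, which is what you review before switching a preview rule to enforced. The log entries are constructed samples; the field names (resource.type, httpRequest.requestUrl, jsonPayload.previewSecurityPolicy / enforcedSecurityPolicy with name, priority, configuredAction and outcome) follow the HTTP(S) Load Balancer request-log shape, while every value is invented.

```python
# Added example, not from the original post: evaluate the "denied requests"
# query over log entries offline and summarise the denied URL patterns.
# SAMPLE_LOG is constructed; field names mirror the LB request-log shape.
import json
import re
from collections import Counter
from urllib.parse import urlparse

SAMPLE_LOG = [
    {"resource": {"type": "http_load_balancer"},
     "httpRequest": {"requestUrl": "https://example.com/api/orders/1234", "remoteIp": "192.0.2.10"},
     "jsonPayload": {
         "enforcedSecurityPolicy": {"name": "restrict-policy", "priority": 2147483647,
                                    "configuredAction": "ACCEPT", "outcome": "ACCEPT"},
         "previewSecurityPolicy": {"name": "restrict-policy", "priority": 2147483647,
                                   "configuredAction": "DENY", "outcome": "DENY"}}},
    {"resource": {"type": "http_load_balancer"},
     "httpRequest": {"requestUrl": "https://example.com/api/orders/987", "remoteIp": "192.0.2.11"},
     "jsonPayload": {
         "enforcedSecurityPolicy": {"name": "restrict-policy", "priority": 2147483647,
                                    "configuredAction": "ACCEPT", "outcome": "ACCEPT"},
         "previewSecurityPolicy": {"name": "restrict-policy", "priority": 2147483647,
                                   "configuredAction": "DENY", "outcome": "DENY"}}},
    {"resource": {"type": "http_load_balancer"},
     "httpRequest": {"requestUrl": "https://example.com/healthz", "remoteIp": "203.0.113.5"},
     "jsonPayload": {
         "enforcedSecurityPolicy": {"name": "restrict-policy", "priority": 1000,
                                    "configuredAction": "ACCEPT", "outcome": "ACCEPT"}}},
    {"resource": {"type": "gce_instance"},        # not a load balancer entry: must be ignored
     "jsonPayload": {"message": "unrelated"}},
    {"resource": {"type": "http_load_balancer"},
     "httpRequest": {"requestUrl": "https://example.com/login", "remoteIp": "198.51.100.7"},
     "jsonPayload": {
         "enforcedSecurityPolicy": {"name": "restrict-policy", "priority": 2147483647,
                                    "configuredAction": "DENY", "outcome": "DENY"}}},
]


def matches_query(entry, policy_field="previewSecurityPolicy"):
    """Python equivalent of the Logs Explorer query:
       resource.type="http_load_balancer"
       jsonPayload.<policy_field>.outcome="DENY"
    """
    if entry.get("resource", {}).get("type") != "http_load_balancer":
        return False
    verdict = entry.get("jsonPayload", {}).get(policy_field) or {}
    return verdict.get("outcome") == "DENY"


def url_pattern(request_url):
    """Collapse numeric path segments so /api/orders/1234 and /api/orders/987 group together."""
    path = urlparse(request_url).path or "/"
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)


def denied_patterns(entries, policy_field="previewSecurityPolicy"):
    """Count denied requests by (URL pattern, policy name, rule priority)."""
    counts = Counter()
    for entry in entries:
        if not matches_query(entry, policy_field):
            continue
        verdict = entry["jsonPayload"][policy_field]
        key = (url_pattern(entry["httpRequest"]["requestUrl"]), verdict["name"], verdict["priority"])
        counts[key] += 1
    return counts


def load_entries(text):
    """Accept either a JSON array (as gcloud logging read --format=json emits) or NDJSON."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for field in ("previewSecurityPolicy", "enforcedSecurityPolicy"):
        print(field)
        for (pattern, name, prio), n in denied_patterns(SAMPLE_LOG, field).most_common():
            print(f"  {n:4d}  {pattern}  rule={name}/{prio}")
```

Running the summary against previewSecurityPolicy shows what a preview rule would have blocked (here, two requests to the /api/orders/{id} pattern); running it against enforcedSecurityPolicy shows what is actually being blocked. A pattern that appears under preview but belongs to legitimate clients is the signal to add or widen a whitelist rule before the deny rule is enforced.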
